Computerized systems play a fundamental role in the development, manufacture and supply of medical treatments. This is the third and thoroughly updated edition of the best-selling book dealing with validation, compliance and software in the pharmaceutical, healthcare and medical device industries. The first volume provides a comprehensive walk-through of lifecycle and development methodologies bringing together technological advances, latest regulatory requirements, inspection findings, and compliance strategies. New chapters have been added on agile development methodologies, data integrity, artificial intelligence and machine learning. The second volume comprises an extensive set of refreshed case studies spanning laboratory, manufacturing and supply chain systems with new contributions on databases, spreadsheets, LIMS, blockchain, mobile devices, AI-enabled systems, big data and digital twins authored by various industry experts.
Key Features
-
Covers governance framework, roles and responsibilities, quality culture, project life cycle, operational compliance, risk management, electronic records/signatures, supplier management, practical troubleshooting, handling regulatory inspections, metrics, and opportunities for performance improvement.
-
Provides a set of 22 new and updated case studies by industry experts, demonstrating how these computer system validation principles are put into practice.
-
Focuses on GxP regulatory requirements covering GCPs, GLPs, GMPs, and GDPs—complete with observations from inspections by the U.S. FDA and other regulators.
-
Discusses industry regulations and guidance, including current thinking of the U.S. FDA on computer software assurance, the latest guidance from the U.S. FDA/EU/MHRA on data integrity, and the newly published ISPE GAMP 5 Guide (Second Edition).
-
Shares the practical experience and advice from a group of leading computer validation and compliance international experts.
Table of Contents:
Foreword. Preface. About The Editor. Abbreviations. Chapter 1 Introduction. Chapter 2 Organization and Management. Chapter 3 Lifecycle Methodologies & Supporting Processes. Chapter 4 Prospective Verification and Validation. Chapter 5 Project Initiation and Compliance Determination. Chapter 6 Requirements Capture and Supplier (Vendor) Selection. Chapter 7 Design and Development. Chapter 8 Coding, Configuration, and Build. Chapter 9 Development Testing. Chapter 10 User Qualification and Authorization to Use. Chapter 11 Operation and Maintenance. Chapter 12 Phaseout and Withdrawal. Chapter 13 Data Integrity. Chapter 14 Regulated Electronic Records and Electronic Signatures. Chapter 15 Artificial Intelligence & Machine Learning. Chapter 16 Regulatory Inspections. Chapter 17 Compliance Strategies. Chapter 18 Capabilities, Measures, and Performance. Chapter 19 Practical Troubleshooting. Chapter 20 Concluding Remarks. Glossary. Index
About the Author :
Guy Wingate, PhD, was Vice President & Compliance Officer and before that Director Global Computer Validation at GlaxoSmithKline until his recent retirement. A well‑known speaker on computer validation, he has over 30 years of experience in the pharmaceutical industry. He has been a visiting lecturer at the University of Manchester’s M.Sc. in Pharmaceutical Engineering Advanced Training program and the Dublin Institute of Technology’s accredited M.Sc. in Validation Science program. He is an active member of the ISPE and served as Chair of the GAMP Council for 10 years, which is responsible for the internationally recognized suite of GAMP® Guides on computer compliance. Guy led the teams who produced the original GAMP®5 Guide: A Risk Based Approach to Compliant GxP Computerized Systems and the GAMP® Good Practice Guide: A Risk-Based Approach to Compliant Electronic Records and Signatures. His extensive list of published work also includes the books Validating Automated Manufacturing and Laboratory Applications, Validating Corporate Computer Systems and previous editions of this book Pharmaceutical Computer Systems Validation.
Review :
This book’s strong emphasis on governance, management oversight, and maintaining control throughout the operational life cycle [of computer systems used in the pharmaceutical industry] is both timely and necessary.
A key challenge for today’s organizations today is the shift from validating systems at a point in time to assuring them continuously throughout their life. Modern development and delivery approaches, such as Agile and DevOps, can support this goal, but only when the supporting controls are designed deliberately and applied consistently. Clear intent of requirements, risk‐based decision‐making, appropriate testing strategies for high‐risk functions, robust release and configuration management, and effective supplier oversight remain essential. Several chapters in the book address these realities directly, focusing on the areas where compliance most often degrades: operation, maintenance, and change.
At the same time, the regulatory and compliance landscape continues to evolve. There is sustained global focus on data governance and data integrity, including expectations for effective investigation, remediation, and prevention of recurrence. Cybersecurity, data availability, and business continuity are receiving increased attention, reflecting their direct impact on product quality and patient safety. Regulators also increasingly expect organizations to understand, control, and justify the use of emerging technologies, particularly where these technologies influence GxP decisions, regulated records, or regulatory submissions.
What is particularly welcome about this book is its practical orientation. While regulations and guidance are widely available, many organizations struggle to translate high‐level principles into consistent execution across diverse system types and life cycle stages. This work helps to bridge that gap. Through its structured approach and breadth of examples, from laboratory and manufacturing systems to enterprise platforms, infrastructure, cloud services, and data‐intensive digital architectures, it provides practitioners with a coherent framework grounded in real operational experience.
I would encourage readers to approach this book not simply as a compliance manual, but as a guide to building organizational capability. Capability means being able to explain, with confidence, how and why controls are proportionate to risk; demonstrating that systems are fit for their intended use; evidencing that data remain complete, consistent, and trustworthy throughout the data life cycle; and showing that the organization learns through effective management review, meaningful metrics, and a culture that treats issues as opportunities for improvement rather than occasions for blame.
In an era of increasing digital dependence, this capability is not optional. It is fundamental to protecting patients, safeguarding product quality, and maintaining trust in the organizations responsible for both. I commend this book to practitioners, managers, and auditors alike, and I hope it serves as a practical companion in building the right environment, technical, procedural, and cultural, for robust computer compliance and data integrity.
Tracy Moore
Former Expert GMP Inspector, UK Medicines & Healthcare products Regulatory Agency (MHRA)